| With more and more sites only use defense techniques intruded by hackers, security experts found that to build a security system is not enough. The Intrusion Detection is a new security technology, apart from tradition security defense techniques, such as firewall and data encrypt. IDS watch the computers and network traffic for intrusive and suspicious activities. They detect not only the intrusions from the External hacker, but also the unauthorized operations from intranet users.With the development of computer and network technologies, the popularization of numerous storage and wide-band transportation .IDS should be face with more and more data. It spends much time to analyze these data. Now there are all kinds of intrusion means. It's difficult to detect complicate and unknown intrusion means with feature set obtained by manual. So we need a strong tools to realize function of character learning, discover the latency relation that these data have, send these relations to IDS for the second dealing.This paper apply the Data Mining technology and theory of fuzzy math to traditional intrusion detection in order to improve the detect-ability of whole IDS and reduce its fake alert and error alert, my main work is listed as follow:1.Apply an Improved Weighted Association Rules to extract intrusion featureComparing the algorithms of Data Mining we think the APRIORIN algorithm is suitable for IDS. By analyzing the existent flaws and thinking over the applied environment–IDS, we improve on these flaws and provide an algorithm of Improved Weighted Association Rule with examples to prove the improvement is effective.2.Apply Dynamic Clustering based on Fuzzy congruence relation to inducing and analyzing intrusion character set.The algorithm Improved Weighted Association Rule only can make summarize of historic intrusion and can't predict unknown intrusion behaviors. This paper provided a algorithm that apply fuzzy theory and cluster to intrusion detection to finish inductively learning intrusion set secondly, which make it easy to tell whether intrusion happen or not from higher abstract layer. The algorithm can generate different cluster in different abstract with adjusting threshold value, which make system recognize all kinds of intrusion behaviors in different layers. Especially in model of rule analyzing and matching in real time we3. Providing design of whole intrusion detection systemWe firstly provide the model of system which make up of two part including part of character learning and part of detection in real time, then describe process of key model to... |
PDF Full Text Request